Firefox 3.x has seen great strides in the security of its extensions, and Mozilla continues to expand that effort. Chrome's developers, however, are trying to start with a secure mechanism for obtaining and updating extensions from day one.

Initially, SSL, signed extensions and a central repository for auto-updates and validation all appear to be part of the plan. Also included are

"We will provide a service designed to reduce burden to developers by reducing traffic costs and providing a robust, secure mechanism for auto-updates that they can easily leverage rather than having to handle the logistics on their own site," Chrome's developers wrote in the document. "It would also provide authors with a way to easily create and verify their extension packages and manifests."

"However, developers will always have the option to package, sign, and host extensions on their own site," they added.

The approach also entails a blacklist of known malicious or harmful add-ons, which will be disabled by the browser. The blacklist will be maintained by Chrome's central service, according to the document.

Despite the additional steps to simplify and layer more security on the process of rolling out extensions, the news still indicates the lack of a cross-browser standard API set for add-ons/extensions, which could enable build-once, deploy-everywhere scenarios.